Enterprise Risk Management: A Primer for Business Leaders – Part I (Evolution of the Corporate Risk Management Function – 1950 to 1976)

​Until the 1990s, few business leaders thought of risk management as something broader than the procurement and administration of corporate insurance. In this article, we explore how the corporate risk management function came about and the insights of some of the early voices that anticipated the rise of the new field that today is known as Enterprise Risk Management (“ERM”).

“Making good decisions in the face of uncertainty and risk probably began during the earliest human existence.  Evolution favored those human creatures able to use their experience and minds to reduce the uncertainty of food, warmth, and protection. Homo sapiens survived by developing ‘an expression of an instinctive and constant drive for defense of an organism against the risks that are part of the uncertainty of existence.’  This ‘genetic expression’ can be construed as the beginning of risk management, a discipline for dealing with uncertainty.”

​- Felix Kloman, A Brief History of Risk Management,  in Enterprise Risk Management, Today’s Leading Research and Best Practices for Tomorrow’s Executives, at p. 19, edited by John Fraser & Betty Simkins (Wiley, 2010)

Thomas Stearns (”T.S.”) Eliot is a literary giant of the twentieth century.  Eliot considered a set of poems known as the Four Quartets to be his masterpiece for which he was awarded the 1948 Nobel Prize in Literature.  The fourth poem of the Quartets is entitled Little Gidding (1942) and it reminds the reader of Eliot’s day (then England trying to survive the German air raids of World War II) that we should strive to keep learning, regardless of age, to keep looking at our world through fresh eyes, and to resist becoming slavish to our routines and habits.   Near the end of Little Gidding, Eliot writes at lines 865 to 869:

With the drawing of this Love and the voice of this Calling
We shall not cease from exploration
And the end of all our exploring 
Will be to arrive where we started 
And know the place for the first time.

Mindful of Eliot’s admonition to be continuous learners, we started this compilation of essays by defining risk management as the process of building and maintaining an interdisciplinary framework for learning to thrive in uncertainty.  We began with a discussion of corporate longevity as a key metric, the need for business leaders to become “chief learners” that serve within an institutional learning system, and why an institutional learning system is essential to effective risk management. From there, we suggested replacing the word risk with uncertainty.  Uncertainty is a broader and more inclusive concept than risk which too often is focused on what is foreseeable, what can be measured, and what can be done to control or prevent the downside.

Our task now is to focus on the first part of our definition of risk management:  an interdisciplinary framework.  We live at a time when there is much confusion over what constitutes an interdisciplinary framework for risk management and how it should be achieved.  Invariably, this discussion regarding concepts and visions for an interdisciplinary framework to manage uncertainty is referred to as enterprise risk management or integrated risk management.  Understanding how this confusion came about requires going back to the beginning of corporate risk management.

Historically, corporate risk management has been viewed as a narrow function primarily concerned with the procurement and administration of insurance policies that cover various business activities of an organization.  The idea of buying insurance policies for a business dates back to the London coffeehouses of the 1600s (today Lloyd’s of London) where people gambled on whether ships sailing to America would return in one piece.  Over the next 300 years, this bartering of risk (swapping a small loss (premium) in exchange for a promise to contribute in the payment of a large loss (e.g., a ship sinking)) would grow into a global insurance market.  By the 1940s, this marketplace had evolved to the point that companies could buy insurance for a number of activities that might result in potential loss of property or potential damage to employees and third parties.

A decade later – the 1950s – corporate handling of insurance had become so complicated and time-consuming that businesses created a full-time position known in most companies as the “insurance manager” who, if working in the United States, was likely to belong to a professional association comprised of fellow insurance managers.  At that time, this professional association was called NIBA, an abbreviation for National Insurance Buyers Association, and the association’s journal was entitled The National Insurance Buyer (In 1955, NIBA changed its name to ASIM for the American Society of insurance Management and in t975, ASIM would be renamed as Risk & Insurance Management Society (RIMS) which is the current name of the organization which has grown to more than 10,000 risk professionals working in over 60 countries).

Writing for the Harvard Business Review in 1956, Russell Gallagher, the insurance manager of Philco Corporation in Philadelphia, proposed that the professional insurance manager should take on additional duties and function as a corporate risk manager. Gallagher and other contemporaries (Dr. Wayne Snider and Dr. Herbert Denenberg of the University of Pennsylvania) argued that this individual should be an executive and that corporate risk management should concern itself with four basic questions:

1. How should a company go about analyzing its risks?  What factors should it look for?  What difficulties is it likely to encounter?
2. What efforts should be made to avert or abate risks?  What kind of steps are possible?  What are the pitfalls and dangers?
3. When should a company insure itself against risks?  How should commercial insurance be purchased?  How can insurance costs be kept to a minimum?
4. What problems arise in the administration of risk management?  What kind of authority should the risk manager have, and how can he get cooperation in carrying out his program? (R. Gallagher, Risk Management:  New Phase of Cost Control at 76, Harvard Business Review (July 1956)).

By the 1970s, other visionaries such as Felix Kloman had picked up on the thinking of Russell Gallagher and others who believed that risk management should be much more than the procurement and administration of commercial insurance and that the whole subject was becoming increasingly disjointed and fragmented.  In a 1976 article entitled “The Risk Management Revolution” published by Fortune magazine, Kloman documented how companies were slicing corporate risk management into pieces without conscious thought or deliberation.  Financial officers created tools such as hedging and interest swaps to deal with financial risks such as currency levels and interest rates.  Operations focused on product quality, product safety and business continuity.  Executives and boards concerned themselves with growth and optimization of capital.

Over time, even the corporate insurance function became disjointed and fragmented.  The conservation of physical assets and control of insurance purchasing became the province of the treasurer or the chief financial officer.  Meanwhile, the law department toiled away at controlling losses and submitting insurance claims, sometimes in disagreement with the risk manager who fretted about trying to explain the rising costs of premiums to senior executives uninterested in anything other than short-term numbers.  The insurance wars that ensued over asbestos and environmental losses eventually led to the following insight:
The truth, as risk managers know, is that as soon as the insurance industry is faced with major risks – latent diseases, product liability, AIDS, among others – it runs for cover and leaves industry to its own devices.  Basically, society cannot expect much help from insurers in sorting out its risk problems because insurers are interested not in risk reduction . . . but in risk predictability (Christ Best, London Perspective, Risk Management (Feb. 1989)).

Felix Kloman put it this way:  insurance “. . . is an industry trying to build its edifice on the sands of certainty and predictability in a world in which uncertainty and unpredictability are the bedrocks (Felix Kloman, Risk Management Agonistes, Risk Analysis, Vol 10, No. 2 (1990)).

​In sum, the questions posed by Russell Gallagher and his contemporaries in 1956 remain current and relevant.  In the next section, we will trace how thinking about corporate risk management continued to evolve in the 1970s and 1980s.